Ard Biesheuvel <ard.biesheuvel@xxxxxxxxxx> wrote: > and print a subsequent line for every lockdown feature that is enabled, e.g., > > lockdown: disabling MSRs > lockdown: disabling hibernate support There's another problem with this idea: the lockdown facility is passive - it doesn't go looking for things to lock down; rather, things that can be locked down inquire as to whether lockdown is in effect at the point someone tries to use them. Now, I could reserve a variable for each thing we lock down to make sure that we don't emit the message more than once, but I'm loathe to waste memory this way. I can't so easily switch the facility to being active either, since a lot of the lockdownables are in modules. David -- To unsubscribe from this list: send the line "unsubscribe linux-efi" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
